Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Renaming the file type bypasses attachment filter (Issue with Attachment filter)
  •  
ajamali

Messages: 100
Karma: 1
Send a private message to this user
Hi,

I have an issue with Kerio connect, if user wants to send or receive a file type that normally blocked by kerio connect attachment filter for example *.exe, they could rename the file extension myfile.exe to myfile.ddd before send the e-mail, this method will bypass attachment filter.

How i can make Kerio connect to determine the real file type of an attachment without relying on it's extension name?

For more information Kerio Connect is behined Kerio Winroute Firewall we are using integrated McAfee antivirus engine in both kerio connect and KWF

please advise me

Best Regards
  •  
Lyle M

Messages: 410

Karma: 7
Send a private message to this user
They could also zip any file and it will 'bypass' the attachment filter too.

So, is your concern that the recipient will receive the .ddd file, rename it with .exe and execute it?

The attachment filter is nothing more than a filter for files with specified filename extensions. It's not meant to be a file content analyzer that blocks potentially executable code.

That would be an interesting feature, which you could submit using the 'suggest idea' button on the Kerio Connect web admin main page. I imagine it would tie in more with an anti-virus engine (which analyzes the file content, even when zipped).
  •  
rigo

Messages: 123
Karma: -3
Send a private message to this user
yep, I rename files all the time to .pdf to get them past gmail--it is just a filter by extension
  •  
ajamali

Messages: 100
Karma: 1
Send a private message to this user
Quote:
So, is your concern that the recipient will receive the .ddd file, rename it with .exe and execute it?


yes, they just rename to the orignal file type and execute

They could also attach an object inside Ms Word file and it will bypass atachment filter too

Quote:
The attachment filter is nothing more than a filter for files with specified filename extensions. It's not meant to be a file content analyzer that blocks potentially executable code.


I agree with you, becuse I tried to filter by MIME type also when users renaming file type it will bypass attachment filter

I hope Kerio fix this Issue
Previous Topic: Email Forwarding
Next Topic: Unable to Check Webmail Inside LAN?
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Oct 23 17:03:52 CEST 2017

Total time taken to generate the page: 0.00479 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.